package com.infovane.utils;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.infovane.base.BaseLog;

/**
 * @author xuanaiwu 权限拦截器
 */
public class SecurityFilter extends BaseLog implements Filter {

	public void destroy() {

	}

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse rep = (HttpServletResponse) response;
		String strUrl = req.getServletPath().toString();
		String strPath = req.getContextPath();
		
		//System.out.println("strUrl="+strUrl);
		//System.out.println("strPath"+strPath);
		
		if (strUrl.indexOf("/admin") >= 0 && strUrl.indexOf("adminLogout") >= 0) {
			chain.doFilter(request, response);
			return;
		} else if (strUrl.indexOf("/admin") >= 0 && strUrl.indexOf(".") < 0) {
			HttpSession session = req.getSession();
			Object o = session.getAttribute("ADMIN");
			if (o != null) {
				int limit;
				int ifadmin;
				try {
					limit = (Integer) req.getSession().getAttribute("LIMIT");
					ifadmin = (Integer) req.getSession()
							.getAttribute("IFADMIN");
				} catch (NullPointerException e) {
					limit = 0;
					ifadmin = 0;
				}
				if (ifadmin >= 1 && limit >= 1) {
					chain.doFilter(request, response);
					return;
				} else if (ifadmin >= 1 && limit < 1) {
					chain.doFilter(request, null);
					return;
				} else {
					logger.info("该用户没有该权限!");
					rep.sendRedirect(strPath + "/admin/login.jsp");
					return;
				}
			} else {
				logger.info("该用户没有该权限!");
				rep.sendRedirect(strPath + "/admin/login.jsp");
				return;
			}
		} else if (strUrl.indexOf("/admin") >= 0
				&& strUrl.indexOf("login.jsp") >= 0) {
			chain.doFilter(request, response);
			return;
		} else if (strUrl.indexOf("/admin") >= 0 && strUrl.indexOf(".jsp") >= 0) {
			HttpSession session = req.getSession();
			Object o = session.getAttribute("ADMIN");
			if (o != null) {
				int limit;
				int ifadmin;
				try {
					limit = (Integer) req.getSession().getAttribute("LIMIT");
					ifadmin = (Integer) req.getSession()
							.getAttribute("IFADMIN");
				} catch (NullPointerException e) {
					limit = 0;
					ifadmin = 0;
				}
				if (ifadmin >= 1 && limit >= 1) {
					chain.doFilter(request, response);
					return;
				} else if (ifadmin >= 1 && limit < 1) {
					chain.doFilter(request, null);
					return;
				} else {
					logger.info("该用户没有该权限!");
					rep.sendRedirect(strPath + "/admin/login.jsp");
					return;
				}

			} else {
				logger.info("该用户没有该权限!");
				rep.sendRedirect(strPath + "/admin/login.jsp");
				return;
			}

		}else if(strUrl.indexOf("/user")>=0&&strUrl.indexOf("login.jsp")>=0){
			chain.doFilter(request, response);
			return;
		}else if(strUrl.indexOf("/user")>=0&&strUrl.indexOf("jsp")>=0){
			HttpSession session =req.getSession();
			Object o=session.getAttribute("USER");
			if(o!=null){
				chain.doFilter(request, response);
				return;
			}else{
				logger.info("该用户没有权限!");
				rep.sendRedirect(strPath+"/user/login.jsp");
				return;
			}
			
		}else {
			chain.doFilter(request, response);
			return;
		}
	}

	public void init(FilterConfig config) throws ServletException {

	}

}
